Date: Sat, 01 Dec 2001 15:32:04 -0800 (PST)
From: John Baldwin <jhb@FreeBSD.org>
To: scott <scott@bsdprophet.org>
Cc: freebsd-security@FreeBSD.ORG, Dave <mudman@R181172.resnet.ucsb.edu>
Subject: Re: options USER_LDT
Message-ID: <XFMail.011201153204.jhb@FreeBSD.org>
In-Reply-To: <3C08E711.A4B08098@bsdprophet.org>

On 01-Dec-01 scott wrote:
> Dave wrote:
>>
>> I really have no clue what the kernel option:
>> options USER_LDT
>>
>> means, except this rugged definition I found in LINT (paraphrase):
>> "Allow applications running in user space to manipulate the Local
>> Descriptor Table (LDT)"
>>
>> Since it didn't come in the GENERIC (FBSD 4.4 REL), I'm assuming that
>> someone, somewhere, thought it would be a good idea to have this disabled
>> by default and maybe it was meant to be added in only by people who know
>> what they are doing.
>>
>> Is there a security risk by allowing programs to access the Local
>> Descriptor Table? (I'm not sure what the LDT is, but if it was off for a
>> reason I wouldn't want to challenge the decisions of those more informed
>> than myself. If it wasn't for an efficiency judgement, it could have been
>> for a security judgement)
>
> Yes there is a security risk.
> Here read all about it:
> http://www.phrack.org/show.php?p=51&a=9

What in the _world_ does this have to do with _LDT_ (aka Local Descriptor
Table)? This is talking about making an LKM (Loadable Kernel Module), which is
an entirely separate issue from LDT. I don't know of any security problems
with LDTs, please stop spreading FUD.

-- 
John Baldwin <jhb@FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.011201153204.jhb>